CredProxy: A Password Manager for Online Authentication Environments

En cours de chargement...
Vignette d'image

Date

Nom de la revue

ISSN de la revue

Titre du volume

Éditeur

Université d'Ottawa / University of Ottawa

Résumé

Internet users are increasingly required to sign up for online services and establish accounts before receiving service from websites. On the one hand, generation of strong usernames and passwords is a difficult task for the user. On the other hand, memorization of strong passwords is by far more problematic for the average user. Thus, the average user has a tendency to use weak passwords, and also reuse his passwords for more than one website, which makes several attacks feasible. Under the aforementioned circumstances, the use of password managers is beneficial, since they unburden the user from the task of memorizing user credentials. However, password managers have a number of weaknesses. This thesis is mainly aimed at alleviating some of the intrinsic weaknesses of password managers. We propose three cryptographic protocols which can improve the security of password managers while enhancing user convenience. We also present the design of a phishing and Man-in-the-Browser resistant password manger which best fits into our scheme. Furthermore, we present our novel virtual on-screen keyboard and keypad which are designed to provide strong protection mechanisms against threats such as keylogging and shoulder surfing.

Description

Mots-clés

Dictionary Attacks, Password Managers, Password Security, Website User Authentication, Virtual Keyboards, MITB Attacks

Citation

Approbation

Évaluation

Complété par

Référencé par